GDPR-related processes are heavily manual, yet they require precise action and are mandatory under regulation. After the adoption of the regulation in May 2018, companies equipped themselves with the necessary legal frameworks, hired Data Protection Officers and created the necessary documentation, such as privacy policies. Websites now even require acceptance of cookies and of the use of users' data.

Our observation, though, is that companies still struggle to perform the operational processes for data storage, organization, updates and purging effectively. The level of automation is very low or nonexistent.

 

Consider the situation in which a customer no longer uses the services of a bank or of a company in another service industry.

The company is then no longer supposed to store that customer's data.

 

How does this process happen in reality?

Banks and other companies usually store customer data in more than one system. When customers leave, the company has to identify which customers' data must be purged and, for each customer, which systems hold that data, based on the services he/she used.

 

In that case, an automated process is needed to track customer statuses and to find and purge a customer's data once he/she is no longer a customer.

For medium to large organizations, doing this manually may require 10-15 or more people.

 

Our experience in automating this process is that automation can bring significant efficiency while keeping the organization compliant with the regulations.

 

Our general approach to GDPR compliance is shown below:

Who?

The Data Subjects

Where and What?

Systems involved and what they contain

Why, When, How?

What to delete?
When to delete?
How to delete?

Who and What?

Who to notify?
What to notify?

Key points in GDPR

Data Classification
Identifies PII (Personally Identifiable Information) as part of the scope. Recognizes different data Types and Data Subjects.

Data Store Identification
Works with as many data store applications as necessary: core systems, web applications, emails, shared drive folders.

Delete a single record or a bulk
Can purge customer by customer, or many customers at once, based on Excel sheets or emails sent.

Notifications
Examples:
Asking a human for permission to purge
Post-purge information

How it works

• Rule-based purge of PII (Personally Identifiable Information) data

Example:
Applicable only to respondents from the European Union (EU), detected via country and customer time zone abbreviations where possible.

• Auto triggered

Examples:
Data has been stored and 90 days have elapsed as of "today's date", or the loan has expired and been repaid, or the account has been closed

• Ad hoc triggered

Example:
Trigger based on an email sent or on keywords

• Methods to purge

a) User approach: open the application > find the record > delete or replace the data
b) Automation via SQL stored procedures executed directly in the database
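
The rule-based, auto-triggered purge described above, sketched as an added example (not the vendor's own code) that uses an in-memory SQLite database in place of stored procedures. Assumptions: the table names, the shortened EU country list, the `approved` callback standing in for the human-permission notification, and the reading of the three auto triggers as alternatives; only country-based EU detection is shown.

```python
import sqlite3
from datetime import timedelta

# Constructed schema: two "systems" holding PII, plus a post-purge audit trail.
SCHEMA = """
CREATE TABLE core_customers (id INTEGER PRIMARY KEY, name TEXT, email TEXT,
    country TEXT, stored_on TEXT, account_closed INTEGER, loan_repaid INTEGER);
CREATE TABLE web_profiles (customer_id INTEGER, phone TEXT, address TEXT);
CREATE TABLE purge_audit (customer_id INTEGER, system TEXT, purged_on TEXT);
"""
EU = ("BG", "DE", "FR")  # assumption: shortened country list for the example

def build_db(today):
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    old, new = [(today - timedelta(days=d)).isoformat() for d in (120, 10)]
    db.executemany("INSERT INTO core_customers VALUES (?,?,?,?,?,?,?)", [
        (1, "Ana", "ana@example.com", "BG", new, 1, 0),  # EU, account closed
        (2, "Ben", "ben@example.com", "DE", new, 0, 0),  # EU, still active
        (3, "Cy", "cy@example.com", "US", old, 1, 1),    # outside the EU rule
        (4, "Dee", "dee@example.com", "FR", old, 0, 0),  # EU, stored > 90 days
    ])
    db.executemany("INSERT INTO web_profiles VALUES (?,?,?)",
                   [(i, "+000", "1 Sample St") for i in (1, 2, 3, 4)])
    db.commit()
    return db

def eligible(db, today, retention_days=90):
    """EU customers not yet purged for whom at least one auto trigger fires."""
    cutoff = (today - timedelta(days=retention_days)).isoformat()
    marks = ",".join("?" * len(EU))  # placeholders only, values stay bound
    rows = db.execute(
        f"SELECT id FROM core_customers WHERE country IN ({marks}) AND name IS NOT NULL "
        "AND (stored_on <= ? OR loan_repaid = 1 OR account_closed = 1) ORDER BY id",
        (*EU, cutoff))
    return [r[0] for r in rows]

def purge(db, today, approved=lambda cid: True):
    done = []
    with db:  # one transaction: a failure rolls back the whole batch
        for cid in eligible(db, today):
            if not approved(cid):  # human permission withheld: skip this customer
                continue
            db.execute("UPDATE core_customers SET name=NULL, email=NULL WHERE id=?", (cid,))
            db.execute("DELETE FROM web_profiles WHERE customer_id=?", (cid,))
            db.executemany("INSERT INTO purge_audit VALUES (?,?,?)",
                [(cid, s, today.isoformat()) for s in ("core_customers", "web_profiles")])
            done.append(cid)
    return done
```

The audit table records which system was purged for which customer without copying any PII into it, which is what the post-purge notification can be built from.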

The Results

Processing time decreased from 10 min to less than 1 min

70% reduction in operations costs

90% of the cases processed automatically

About us

We aim to bring value-added solutions with almost no effort from you, our customer.

Our power is in listening to you and understanding your processes.

Call us for more information:

Sofia office: +359 882 016 062

London office: +44 753 555 2677
